Corporate Criminal Liability in Australia
There has long been discussion in Australia and attempts by regulators to make their life easier in terms of bringing criminal proceedings against companies where conduct suggests economic or financial crimes have been committed. The traditional criminal law makes the progress of such charges time-consuming and unpredictable, in particular whether it can be said that the conduct of individuals can bind the company and is conduct of the “guiding minds” of the company. In 2001, the Criminal Code Act 1995 (Cth) (Criminal Code) created statutory corporate criminal liability to try and address the difficulties associated with the attribution of individual conduct to a corporate entity, but the offences remain untested before the courts.
Since 2015, the Australian Senate Economics Reference Committee has had Australia’s foreign bribery laws under review. Since 2016, the Australian Joint Parliamentary Committee on Corporations & Financial Services has been actively reviewing Australia’s whistleblower protection laws in the private and not-for-profit sectors. Both these reviews have received many submissions, all pointing to the need for reform and in some cases, substantial reform, of existing and in the opinion of many of the submissions, largely inadequate laws.
Consequences of the Reform Changes
The likely critical consequences of these proposed reforms will be to:
- impose absolute liability on a company for the conduct of its associates (including subsidiaries, contractors or any third party entity that performs services for the company), so effectively piercing the corporate veil and imposing a legal responsibility on the ultimate company on behalf of which a third party performs services;
- create corporate criminal liability for failing to act in a certain manner;
- require companies to have “adequate procedures” in place to prevent such conduct and that will involve proactive procedures to manage the conduct of third parties;
- reverse the onus of proof so the company must prove such procedures were in place;
- leave unchanged the liability of individuals for their conduct as primary or secondary (accessorial) offenders;
- encourage and incentivise whistleblowers to disclose improper or illegal conduct with a substantially revamped protection regime in place across the private sector; and
- by these reforms, to drive cultural change so that acting ethically and legally becomes the norm as opposed to unethical or illegal conduct (for profit) driving commercial conduct.
All companies, however large or small, will need to comply with these proposed laws when (rather than if) they are enacted.
Developments in the United Kingdom
In 2010, the United Kingdom enacted the Bribery Act. This was significant not only because all forms of bribery and corruption were criminalised with unlimited fines, but companies were particularly targeted by what has become known as the “section 7 offence”.
That is, a company is deemed criminally liable for the conduct of a person “associated” with the company (or under the Bribery Act, an “organisation”) unless the company can prove it had “adequate procedures” in place to prevent such conduct.
The UK Ministry of Justice published a Guidance document setting out six broad compliance principles to guide companies on what was expected of them to prove that they had acted in a manner to prevent such conduct.
As you might imagine, the imposition of strict criminal liability for a failure to prevent certain conduct was relatively new under UK law. It has resulted in many companies substantially reviewing and revising their internal procedures to demonstrate that they indeed have adequate procedures in place.
What has occurred over the last couple of years is that companies that detect or are alerted to potential illegal conduct are increasingly seeking to disclose that conduct to the UK authorities and to benefit from the UK “deferred prosecution agreement” (or DPA) scheme. No such scheme exists in Australia.
Now it is Australia’s turn.
Proposed Australian Legal Reforms
The Commonwealth Government has released a draft exposure bill, the Crimes Legislation Amendment Bill 2017 to amend the Criminal Code Act 1995 (Cth) (the Criminal Code). While amending the existing foreign bribery offence to create two offences – (1), intentional bribery of a foreign public official and (2), a new offence of recklessly bribing a foreign public official, the law will create the new corporate offence of failing to prevent foreign bribery.
In addition, the Commonwealth is proposing to enact a Commonwealth DPA scheme to cover identified economic crimes and specified offences under the Corporations Act 2001 (Cth) (yet to be identified). Furthermore, substantial reforms are likely to strengthen the form of protections for whistleblowers across the private sector and substantially change the existing whistleblower protections (in Part 9.4AAA of the Corporations Act).
All of these reforms are being actively promoted by the Commonwealth Government and supported by parliamentary reviews in the Australian Parliament. One explanation for these raft of changes is that Australia, as signatory to the OECD Anti-Bribery Convention, will later in 2017 begin its Phase 4 peer review process of member States and a key focus will be on enforcement and gaps in laws that can be remedied to promote enforcement.
Proposed new Corporate Offence of Failing to Prevent Foreign Bribery
The proposed new corporate offence of failing to prevent foreign bribery has the following as its key elements.
- The company commits an offence:
- if an associate commits an offence under section 70.2 (the intentional bribery of a foreign public official) or 70.2A (the new offence of recklessly bribing a foreign public official); or
- engages in conduct outside Australia that would constitute an offence under sections 70.2 and 70.2A; and
- the associate does so for the profit or gain of the company.
- The company will be liable even if the associate is not convicted of the offences.
- Corporate criminal liability applies.
- An “associate” means:
- an employee, agent or contractor of the company;
- a subsidiary of the company within the meaning of the Corporations Act;
- an entity controlled by the company within the meaning of the Corporations Act; or
- otherwise performs services for or on behalf of the company.
- The deemed criminal liability will not apply if the company proves that it had in place adequate procedures designed to prevent such conduct.
- The penalties are severe, per offence:
- For the underlying conduct constituting intentional foreign bribery:
- 100,000 penalty units (currently $18 million); or
- 3 times the value of the benefit obtained from the conduct; or
- 10% of the annual turnover for a 12 month period ending when the conduct occurred;
- For the underlying conduct constituting reckless foreign bribery:
- 50,000 penalty units (currently $9 million); or
- 1.5 times the value of the benefit obtained from the conduct; or
- 5% of the annual turnover for a 12 month period ending when the conduct occurred;
- For the underlying conduct constituting intentional foreign bribery:
- The Minister (of Justice) must publish guidance on the steps a company can take to have in place adequate procedures (no such guidance has yet been published).
Guidance from the UK on “Adequate Procedures”
In terms of the UK Ministry of Justice Guidance, it is clear that companies will be expected to implement the following principles into their business:
- Principle 1 - Company procedures to prevent bribery must be proportionate to the bribery risks it faces and to the nature, scale and complexity of its business activities, and which are clear, practical, effectively implemented and enforced.
- Principle 2 - The top-level management of a company are committed to preventing bribery and they foster a culture in which bribery is never acceptable.
- Principle 3 - The company periodically assesses (and documents this work) the nature and extent of its exposure or potential exposure and internal risks of bribery.
- Principle 4 - All due diligence activities take a proportionate risk-based approach towards any person or entity who will perform services for the company to identify and mitigate bribery risks.
- Principle 5 - The company ensures its bribery prevention policies are embedded and understood through internal and external communications (including training), proportionate to the risks.
- Principle 6 - The company monitors and reviews bribery prevention procedures, particularly as may arise in the conduct of persons “associated with the organisation”.
What that all means will very much depend on the individual company, its operations, risk profile and how it manages those aspects of its business.
Self-Reporting Serious Corporate Crime
In late March 2017, the Commonwealth Government published a Consultation Paper setting out a proposed model for a DPA scheme in Australia.
The Paper is the result of the initial 2016 consultation process inviting submissions on the introduction of a DPA scheme for Commonwealth offences. Broadly, the majority of submissions in 2016 favoured the introduction of a DPA scheme. The rationale for a DPA scheme is to enhance accountability within the business sector for serious corporate crime, to punish companies in a process that provides effective redress and seeks to promote an improved compliance and corporate culture.
What is a DPA?
A DPA involves, in summary, the following:
- a company discovering serious misconduct or illegal conduct undertaken by or in its name by employees, agents or third parties acting on its apparent behalf;
- the company reports the conduct to authorities (in Australia, the AFP);
- the company fully cooperates with the investigators;
- the company is invited by the prosecutor (in Australia, the Commonwealth Director of Public Prosecutions, CDPP) to enter into a DPA on the basis that an negotiated settlement of potential criminal conduct is regarded as being more in the public interest than a formal criminal prosecution;
- if the DPA and its terms (such as agreed facts and/or an admission of criminal liability, payment of agreed fines, penalties, disgorgement of profit, compensation to victims, costs, interest and a supervisory monitor) are approved as being fair, reasonable and proportionate (by an independent body such as a court in the US or UK), it takes effect;
- during the DPA, a criminal indictment, if filed (as in the UK and US), is suspended subject to compliance with the DPA;
- at the conclusion of the DPA, it will be dismissed;
- if the company breaches the DPA, a criminal prosecution may commence or continue.
Key Features of the Proposed Australian DPA
In addition to the key features noted above, the model proposed by the Australian Government contains the following conditions:
- a DPA will only be available for companies, not individuals; and
- a DPA will apply to nominated Commonwealth offences, including:
- false accounting,
- foreign bribery,
- money laundering,
- dealing with the proceeds of crime,
- forgery and related offences,
- exportation or importation of prohibited or restricted goods,
- “specific offences” under the Corporations Act, and
- any ancillary offence to which the DPA scheme explicitly applies.
The model DPA scheme is likely, if it becomes law, to be reviewed after two years and further consideration will be given whether to include other crime types (such as environmental crime, tax offences, cartel offences and OH&S offences).
The importance of these proposed changes are to make the job of ASIC, the AFP, the Serious Financial Crime Taskforce and ultimately the CDPP easier to target, investigate and prosecute complex corporate crime, in Australia (noting the reference to “specific offences under the Corporations Act” that will be covered by the proposed DPA scheme) and overseas. In addition, companies are likely to have more certainty about how they will be treated once the CDPP and AGD publish a framework on how the DPA scheme will work in practice.
Practical Result of the Proposed Reforms
All companies, however large or small, will need to comply with these proposed laws when (rather than if) they are enacted. These laws do not require a “Rolls-Royce” response in every circumstance. Rather, the laws are likely to require a response proportionate to the identified business risk facing a company in each jurisdiction where it operates, for the risks to be identified, managed and monitored with flexible changes in conduct occurring to reflect changing risk profiles.
It will be critical for companies to undertake a risk-based and proportionate review of their business (including the activities of all third party agents, consultants, intermediaries and subsidiaries) to determine their risk profile and potential exposure and then to put in place procedures that adequately address that profile and exposure. It will not be enough for companies to do nothing or to try and hide behind diffuse corporate structures. Rather, a proactive risk-based approach will be required and once implemented, for the procedures to be reviewed, monitored and adapted as the business changes and develops.